High availability environment
Multiple availability zones
The firewall can be configured for spanning multiple availability zones for increased availability. With availability zones, your availability can increase to 99.99 per cent uptime. No extra costs are involved in deploying Azure firewall in the availability zones
Unlimited cloud scalability
The azure firewall allows you unrestricted scaling out with network traffic so that you are not required to budget for your peak traffic.
Application FQDN Filtering Rules
You can use Fully Qualified domain names for limiting Azure SQL or outbound HTTP/S traffic. TLS termination is not required here.
Network Traffic Filtering Rules
The network traffic filtering rules can be applied for network filtering by IP addresses, ports, protocols and sources. Azure firewall can identify and distinguish packets for different connections owing to being fully stateful.
FDQN tags help to differentiate Azure network traffic from other traffic and let it permeate through the firewall
Service tags are used to differentiate different groups of IP address prefixes and create specific security rules for each group. The service tag is automatically updated as the IP address changes
Threat intelligence feature of the Azure firewall can be enabled for alerting and prohibiting traffic from malicious sources and IP addresses.
Outbound/inbound SNAT support
Outbound support involves translating outbound virtual network traffic IP addresses to Azure firewall public IP (SNAT). Traffic can be identified and allowed from virtual networks to remote online destinations. Similarly, inbound network traffic is translated to firewall public IP addresses (DNAT)
Azure Firewall can be configured to route internet bound traffic to the next hop before finally going online
Web Categories allow denial and access of user access to different website categories. These are the main features of Azure firewall which make it an impenetrable, network and systems protection agent for all your assets on the cloud.